4443 matches found

Cvelist
added 2025/04/15 8:54 a.m. · 21 views

CVE-2025-3575 Insecure Direct Object Reference in Deporsite by T-INNOVA

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint...

CVSS 8.7 · EPSS 0.00376
Exploits 0 · References 1

Vulnrichment
added 2025/04/15 8:54 a.m. · 5 views

CVE-2025-3575 Insecure Direct Object Reference in Deporsite by T-INNOVA

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint...

CVSS 8.7 · AI score 6.7 · EPSS 0.00376
Exploits 0 · References 1

CVE
added 2025/04/15 8:54 a.m. · 55 views

CVE-2025-3575

CVE-2025-3575 affects Deporsite from T-INNOVA. The vulnerability is an Insecure Direct Object Reference allowing an attacker to retrieve sensitive information from other users through the idUsuario parameter at /helper/Familia/establecerUsuarioSeleccion. The CVE entry notes a high impact with CVS...

CVSS 8.7 · AI score 6.1 · EPSS 0.00376
Exploits 0 · References 1

Cvelist
added 2025/04/15 8:47 a.m. · 28 views

CVE-2025-3574 Insecure Direct Object Reference on Deporsite by T-INNOVA

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint...

CVSS 8.7 · EPSS 0.00376
Exploits 0 · References 1

Vulnrichment
added 2025/04/15 8:47 a.m. · 4 views

CVE-2025-3574 Insecure Direct Object Reference on Deporsite by T-INNOVA

Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint...

CVSS 8.7 · AI score 6.7 · EPSS 0.00376
Exploits 0 · References 1

CVE
added 2025/04/15 8:47 a.m. · 52 views

CVE-2025-3574

CVE-2025-3574: Insecure Direct Object Reference in Deporsite (T-INNOVA). An attacker can retrieve another user's sensitive information by manipulating the idUsuario parameter of the /helper/Familia/obtenerFamiliaUsuario endpoint. Root cause: improper access control on user data access. Documented...

CVSS 8.7 · AI score 6.1 · EPSS 0.00376
Exploits 0 · References 1

RedhatCVE
added 2025/04/14 7:4 a.m. · 15 views

CVE-2025-3292

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...

CVSS 4.3 · AI score 7.2 · EPSS 0.00258
Exploits 0 · References 1

RedhatCVE
added 2025/04/14 7:1 a.m. · 13 views

CVE-2025-3282

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...

CVSS 5.3 · AI score 7.2 · EPSS 0.00233
Exploits 0 · References 1

RedhatCVE
added 2025/04/13 1:11 a.m. · 21 views

CVE-2025-32367

The Oz Forensics face recognition application before 4.0.8 late 2023 allows PII retrieval via /statistic/list Insecure Direct Object Reference. NOTE: the number 4.0.8 was used for both the unpatched and patched versions...

CVSS 8.6 · AI score 7 · EPSS 0.00355
Exploits 0 · References 1

OSV
added 2025/04/12 7:15 a.m. · 2 views

CVE-2025-3292

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...

CVSS 4.3 · AI score 5.8 · EPSS 0.00258
Exploits 0 · References 3

OSV
added 2025/04/12 7:15 a.m. · 1 views

CVE-2025-3282

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 2

NVD
added 2025/04/12 7:15 a.m. · 15 views

CVE-2025-3282

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...

CVSS 5.3 · EPSS 0.00233
Exploits 0 · References 2

Cvelist
added 2025/04/12 6:37 a.m. · 17 views

CVE-2025-3282 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationmembershipregistermember due to missing validation on the...

CVSS 5.3 · EPSS 0.00233
Exploits 0 · References 2

CVE
added 2025/04/12 6:37 a.m. · 71 views

CVE-2025-3282

CVE-2025-3282 affects the WordPress plugin User Registration & Membership – Custom Registration Form, Login Form, and User Profile. The flaw is an Insecure Direct Object Reference via the missing validation of the but publicly controllable key membership_id, enabling unauthenticated attackers to...

CVSS 5.3 · AI score 5.3 · EPSS 0.00233
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2025/04/12 6:37 a.m. · 4 views

CVE-2025-3292 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...

CVSS 4.3 · AI score 4.9 · EPSS 0.00258
Exploits 0 · References 3

Cvelist
added 2025/04/12 6:37 a.m. · 15 views

CVE-2025-3292 User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update

The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the userregistrationupdateprofiledetails due to missing validation on the 'userid' use...

CVSS 4.3 · EPSS 0.00258
Exploits 0 · References 3

CVE
added 2025/04/12 6:37 a.m. · 79 views

CVE-2025-3292

CVE-2025-3292 concerns the WordPress plugin “User Registration & Membership – Custom Registration Form, Login Form, and User Profile.” It is vulnerable to Insecure Direct Object Reference due to missing validation on the user_id parameter, enabling update of other users’ passwords when an attacke...

CVSS 4.3 · AI score 4.6 · EPSS 0.00258
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2025/04/12 12:0 a.m. · 2 views

WordPress plugin User Registration & Membership security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 5.9 · EPSS 0.00258
Exploits 0 · References 5

Positive Technologies
added 2025/04/12 12:0 a.m. · 5 views

PT-2025-16168 · WordPress · User Registration & Membership

Name of the Vulnerable Software and Affected Versions: User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress versions up to, and including, 4.1.3

Description: The issue allows unauthenticated attackers to update other users' passwords if they...

CVSS 4.3 · AI score 5.7 · EPSS 0.00258
Exploits 0 · References 10

Patchstack
added 2025/04/11 6:35 p.m. · 6 views

WordPress User Registration plugin <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification vulnerability

Insecure Direct Object Reference to Unauthenticated Membership Modification vulnerability discovered by wesley wcraft in WordPress Plugin User Registration versions <= 4.1.3...

CVSS 5.3 · AI score 8.3 · EPSS 0.00233
Exploits 0 · References 1 · Affected Software 1